Keeping your hard-earned money safe involves more than smart money management. Nowadays, it helps to be just as smart about security.
Bank account takeover fraud is on the rise, according to TransUnion, which reports a 20% increase in the number of suspected digital account takeover (also known as ATO) attempts globally between 2023 and 2024, signifying a 129% increase since 2022.
In this article, you’ll get an understanding of what account takeover fraud is and how it happens, red flags to watch out for, ways you can protect your financial accounts, and steps to take if your account is ever compromised.
What is bank account takeover fraud?
Bank account takeover fraud is when a scammer “takes over” your account, pretending to be you after getting access to your login information. Scammers may get access to your personal information in a number of ways, from taking advantage of weak passwords to sending out phishing emails to malware attacks and data breaches. (We’ll get into each of these challenges in more detail in a moment.)
Once the scammer has obtained your personal information, such as login credentials or a Social Security number, they can pretty much do whatever they want with your account. This may include:
- Taking your money
- Racking up fraudulent charges
- Opening up fake accounts with your information
Account takeover fraud happens fast and can have devastating consequences. It may affect your immediate financial life, but could also impact your credit score, which may affect your ability to obtain credit in the future. At the very least, dealing with fraud can be extremely stressful and overwhelming.
What is an example of account takeover?
Have you ever received an email that came from a seemingly legitimate source, asking you to log into your account for “security purposes”? The message may have looked like this:
“Urgent: Suspicious activity detected. Click here to verify your account.”
If this sounds familiar, you may have already experienced attempts to gain access to your personal information. The sender plays on your natural tendency to quickly take action to prevent your account from being compromised. When you click on the link provided, it takes you to a page that looks just like your financial institution’s website. You enter your login credentials, not realizing you’ve just given away your personal information to scammers. In this type of account takeover attack, the page itself is “fake.” It’s been designed to look familiar to you, with your financial institution’s logo and the usual buttons and links you would expect.

With the increased usage of AI, scammers are getting even better at not making mistakes. It used to be easier to spot scammy emails from addresses like yourbankalertz49501@gmail.com and to spot misspellings on phony websites. Now, however, scammers are using AI to compose emails in perfect English that sound professional and realistic, and they may be coming from what appears to be a legitimate, domain-related email address, such as fraud.alerts@yourbank.com.
In the age of AI and with the constant evolution of scam tactics, it’s better to manually visit your bank’s website or mobile app and log in that way. You could also contact your financial institution’s fraud department to let them know about the suspicious communication or activity you’re seeing.
How does account takeover happen?
Bank account takeover fraud is sophisticated, and scammers are constantly coming up with new and creative ways to steal information. No one is exempt from experiencing fraud, but it helps to know the types of scams out there so you can better defend yourself and your accounts.
So, how does account takeover happen, exactly? These are some of the most common ways:
Phishing attacks
The previous example of receiving an email that looks legitimate is one example of a phishing attack. Scammers are assuming you will respond quickly to a perceived security threat. You go to a fake page and hastily log in, not realizing you’ve just offered up your credentials in the process.
Malware infections
This account takeover scheme can happen any time you click on a bad link in an email or on a questionable website. It can also happen when you download infected software or even when you’re accessing “free stuff,” like games or PDFs. Visiting a compromised website can also make you vulnerable. Malware can be installed on your computer or your web browser, wreaking havoc and stealing your information as you strike the keys on your keyboard.
Credential stuffing
You’ve probably received emails or letters in the mail announcing that your information was part of a massive data breach. This means scammers hacked a system–like a large bank or retailer–and obtained thousands, if not millions of email addresses and other personal information. The scammers then use automated technology to try out the different usernames and passwords on a variety of websites. They assume (correctly) that most people use the same email and password for multiple websites.
Social engineering
Any time someone manipulates another person into giving up their personal information or access–all while pretending to be a trustworthy party–it’s considered social engineering. Bank account takeover fraud is one example of this.
SIM swapping
Scammers who gain access to your personal information can convince your mobile phone provider to transfer your phone number to their SIM card, which is a tiny chip within all mobile phones. The chip holds your phone number and carrier information, and it allows you to make calls, send texts, and use mobile data. Once the SIM is swapped, scammers can intercept your two-factor authentication (2FA) texts and reset your passwords.
While these are some of the more common account takeover methods, fraudsters may also try to get your information with:
- Man-in-the-middle attacks – intercepting your data when you’re on public WiFi
- Point-of-sale skimming – stealing your personal information via the card machine you use to pay at a store or gas pump
- Fake mobile apps – publishing phony versions of bank and payment apps
- Account recovery abuse – tampering with your account recovery options, like your backup email address
While the digital world seems fraught with danger, there are ways to protect yourself. The most powerful account takeover prevention tool you have is knowledge. So by understanding scammer tactics, you can be better prepared to recognize the red flags of fraud and take steps to keep your accounts safe.
What are the red flags of an account takeover attack?
First, it’s important to monitor your accounts on a regular basis. That way it’s easier to recognize any suspicious activity and report it promptly. Here are some red flags of an account takeover attack:
- Unrecognized transactions – This is any charge to your account that doesn’t look familiar. But beware: Scammers often make small charges through commonly used websites and retailers, hoping you won’t notice, or making you think it’s your own purchase.
- Unexpected password changes – Did you receive an email or text about a change in password? If it wasn’t you, be sure to reach out to the (legitimate) source and report it right away.
- Login alerts from unfamiliar locations or devices – You may have received a “Was this you?” confirmation message when you use your computer or device in a new location. If it wasn’t you, scammers may be at play.
- Missing emails or communications – You’re expecting your monthly bank statement but it never comes. Check to make sure your account hasn’t been hijacked.
Account takeover mitigation starts with prevention. Monitoring your accounts regularly is one of the best ways to prevent bank account takeover fraud.
How common are bank account takeover schemes?
According to the Federal Trade Commission, one of the most commonly reported scam categories is imposter scams (when someone pretends to be in a position of trust in order to obtain people’s personal information). A 2024 Identity Fraud study by Javelin, a source for independent financial services research, found that more than one in four fraud victims in the United States experienced a bank account takeover as part of their fraud case.
So, account takeover schemes are becoming increasingly common–if not “expected”–and they’re impacting millions of Americans every year. Keep in mind, your financial accounts are just one way scammers may attack. It’s crucial to safeguard all of your online accounts, from shopping to social media.
How to prevent account takeover
Preventing account takeover starts with these five simple tips for keeping your accounts safe:
- Create a strong password and password storage system.
- Set up two-factor authentication (2FA).
- Monitor your financial accounts every day.
- Only use secure networks and devices.
- Be overly cautious about sharing personal information.
Mitigating the risk of bank account takeover fraud is where you have the most control. By implementing some best practices now, you can help prevent scammers from taking over your account.
1. Create strong, unique passwords and a safe storage system.
People often avoid complex passwords because they’re afraid of not being able to remember them. Starting now, it may help to shift your mindset to creating passwords that even you can’t remember. Using a reliable password generator and manager, like LastPass, is one way to establish safer storage of passwords across all websites. No sticky notes on the side of a cabinet!
2. Set up two-factor authentication (2FA).
It may seem inconvenient at first but imagine the inconvenience of having your credentials used without your knowledge, or having to fight to get your own identity back. Having 2FA for your accounts can help protect against scammers getting easy access to your information.
3. Monitor your accounts daily.
It only takes a few minutes for scammers to do damage. Make a habit of monitoring your accounts, especially your financial accounts, every day. This way you can spot unusual activity before it potentially gets worse.
4. Only use secure devices and networks.
Avoid using public WiFi for banking or financial activities, and keep your security settings up to date on your phone and computer.
5. Be cautious about sharing personal information.
Report unsolicited requests and only provide personal information to trusted parties. One way to reach a trusted party is to call the number on the back of your debit card. When you call the number, they may ask you for verifying information, like home address, phone number, or last four digits of your Social Security number.
Steps to take if you suspect an account takeover
Taking immediate action is critical in preventing financial loss and restoring integrity to your account.
- Call your financial provider right away. Report suspected fraud to initiate preventive measures.
- Change affected passwords. Update your login credentials for the account in question. Be sure to update any other accounts that use similar information.
- Monitor account activity. Make sure to set up alerts (e.g., text, email) and keep an eye on your account.
- Report to authorities. While it’s not legally required, it’s highly recommended, especially if you know the suspected scammer and a large amount of money was stolen. In some cases, your financial institution may require this report for reimbursement purposes.
Keep in mind that bank account takeover fraud can happen to anyone, even people who are savvy and cautious. It’s important to constantly educate yourself about fraud tactics while remaining vigilant about your accounts. This means keeping your personal information to yourself, using difficult-to-remember passwords and a smart password storage system, and monitoring your accounts regularly so you can stay ahead of the scammers.
Leveraging Wisely security features for enhanced protection
Wisely helps keep your account safe from fraudsters:
- Get real-time transaction alerts to quickly identify unauthorized activities.
- Lock your card instantly through the myWisely app® to prevent new charges.
- Use our advanced authentication methods to keep your account safe.

By Arif Alibhai, Sr. Director Compliance Design, ADP

Footnotes
This content is for informational purposes only and may have been derived, with permission, from a third party. While we believe it to be accurate as of the date of publication, it does not constitute the rendering of legal, accounting, tax, or investment advice or other professional services by ADP and it is being provided without any warranty whatsoever. Please consult with appropriate professionals related to your individual circumstances.
The Wisely Pay Visa® is issued by Fifth Third Bank, N.A., Member FDIC or Pathward®, N.A., Member FDIC, pursuant to a license from Visa U.S.A. Inc. The Wisely Pay Mastercard® is issued by Fifth Third Bank, N.A., Member FDIC or Pathward, N.A., Member FDIC, pursuant to license by Mastercard International Incorporated. The Wisely Direct Mastercard is issued by Fifth Third Bank, N.A., Member FDIC. ADP is a registered ISO of Fifth Third Bank, N.A., or Pathward, N.A. The Wisely Pay Visa card can be used everywhere Visa debit cards are accepted. Visa and the Visa logo are registered trademarks of Visa International Service Association. The Wisely Pay Mastercard and Wisely Direct Mastercard can be used where debit Mastercard is accepted. Mastercard and the circles design are registered trademarks of Mastercard International Incorporated.
ADP, the ADP logo, Wisely, myWisely, and the Wisely logo are registered trademarks of ADP, Inc.
Copyright © 2025 ADP, Inc. All rights reserved.